Bump sentry & fix audit (#186) #26
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build & Deploy | |
| on: | |
| push: | |
| tags: ["*"] | |
| env: | |
| ENVIRONMENT: CI-deploy | |
| SENTRY_DSN: ${{ secrets.SENTRY_DSN }} | |
| DATABASE_URL: postgresql://postgres:postgres@localhost:5432/postgres | |
| DJANGO_SETTINGS_MODULE: up.settings.production | |
| MANUAL_PRODUCTION: True | |
| SECRET_KEY: ${{ secrets.SECRET_KEY }} | |
| GPR_TOKEN: ${{ secrets.GPR_TOKEN }} | |
| REGISTRY: ghcr.io | |
| jobs: | |
| build_and_deploy: | |
| name: Build & Deploy | |
| runs-on: ubuntu-22.04 | |
| # github token opravneni pro upload k releasum/do container registru | |
| permissions: | |
| contents: write | |
| packages: write | |
| steps: | |
| # priprav prostredi | |
| - name: ☁️ Checkout repo | |
| uses: actions/checkout@v4 | |
| - name: 🔧 Setup node | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: "20" | |
| cache: "npm" | |
| cache-dependency-path: "**/package-lock.json" | |
| - name: 🔧 Setup Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.12" | |
| cache: "pipenv" | |
| # spust skripty pro upravu souboru | |
| - name: 📝 Create .npmrc file | |
| run: ./scripts/shell/ci/create_npmrc.sh | |
| - name: 📝 Apply string substitution | |
| run: ./scripts/shell/ci/string_substitution.sh | |
| - name: 📝 Create dummy .env file | |
| run: touch .env | |
| # nainstaluj JS zavislosti | |
| - name: 🔧 JS - install deps & build frontend app | |
| run: npm ci | |
| # nainstaluj Python zavislosti | |
| - name: 🔧 Python - install deps | |
| run: | | |
| pip install pipenv | |
| pipenv install --deploy --dev | |
| # priprav Django aplikaci | |
| - name: 🔧 Python - build Django app (staticfiles) | |
| run: pipenv run python manage.py collectstatic --noinput | |
| # zabal frontend do zipu pro GH a nahraj | |
| - name: ✨ Pre-deploy tasks Github Releases | |
| run: ./scripts/shell/ci/create_frontend_zip.sh | |
| - name: 🚀 Upload build artifacts to GitHub Releases | |
| uses: softprops/action-gh-release@v1 | |
| with: | |
| files: frontend.zip | |
| - name: 🧹 Post-deploy tasks Github Releases | |
| run: ./scripts/shell/ci/remove_frontend_zip.sh | |
| # smazani dat z buildu, testovani a dokumentace | |
| - name: 🧹 Cleanup project folder | |
| run: ./scripts/shell/ci/cleanup.sh | |
| # nastavime spravnou fly.io konfiguraci | |
| - name: 🧹 Pre-deploy tasks Fly.io | |
| run: mv fly.prod.toml fly.toml | |
| # pripravime fly.io klienta pro deploy | |
| - name: 🧹 Pre-deploy tasks Fly.io - client | |
| uses: superfly/flyctl-actions/setup-flyctl@master | |
| # nasazeni prod verze na Fly.io | |
| - name: 🚀 Deploy to prod Fly.io | |
| if: ${{ github.actor != 'dependabot[bot]' }} | |
| run: flyctl deploy --remote-only | |
| env: | |
| FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN_PROD }} | |
| # nahrani kontejneru s app do container registru | |
| - name: 🔧 Log in to the Container registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: 🔧 Extract metadata (tags, labels) for Docker | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ github.repository }} | |
| - name: 🚀 Build and push Docker image | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: . | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} |